<?php
/*
A function to convert UTF-8 to HTML entities
Here you can see this function in action

*/
function JB_utf8_to_html ($data) {
    return preg_replace("/([\\xC0-\\xF7]{1,1}[\\x80-\\xBF]+)/e", '_utf8_to_html("\\1")', $data);
}

function _utf8_to_html ($data) {

	
    $ret = 0;
	
    foreach ((str_split(strrev(chr((ord($data{0}) % 252 % 248 % 240 % 224 % 192) + 128) . substr($data, 1)))) as $k => $v)
        $ret += (ord($v) % 128) * pow(64, $k);
	if ($ret<256) return chr($ret); // no need to convert to entities
    return "&#$ret;";
}

// get the base instalation directory of the job board
// with slash / at the end.
function JB_basedirpath() {

	static $dir;

	if ($dir!='') {
		return $dir;
	}

	$dir = dirname(__FILE__);
	$dir = preg_split ('%[/\\\]%', $dir);
	$blank = array_pop($dir);
	$dir = implode('/', $dir);

	$dir = $dir.'/';

	return $dir;

}

/**
 * @return string
 * @param string
 * @desc Strip forbidden tags and delegate tag-source check to JB_removeEvilAttributes()
 */
function JB_removeEvilAttributes($tagSource) {

	$stripAttrib = '/style[\s]+?=|class[\s]+?=|onabort|onactivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onerrorupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmouseout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload/i';

    $tagSource = preg_replace($stripAttrib, '  ', $tagSource);
	
     return $tagSource;
}
/**
 * @return string
 * @param string
 * @desc Strip forbidden attributes from a tag
 */
function JB_removeEvilTags($source) {
   $source = JB_xss_scrub($source);
   $allowedTags = '<h1><b><br><br><i><a><ul><li><hr><blockquote><img><span><div><font><p><em><strong><center><div><table><td><tr>';
   $source = strip_tags($source, $allowedTags);
   return JB_removeEvilAttributes($source);
   //return preg_replace('/<(.*?)>/ie', "'<'.JB_removeEvilAttributes('\\1').'>'", $source);
}

##########################################
# This function removes some undesired elements which can be used to
# craft xss attacks
# This function is called by JB_removeEvilTags($source)
# but should be called
# on any input that comes form the outside and then is displayed later

function JB_xss_scrub($str) {

	if (!is_string($str)) {
		return false;
	}
	
	// The ASCII characters can be printed using html
	// entites. Like this &#X00 or like this &#X00; 
	// the can be padded with 0's to too, like this &#X0000A; &#12391;
	// Some browsers can parse the htmlentities as normal tags!
	// Solution: Change these to normal acsii

	// (x)? matches hex, if no x then it is decimal
	if (preg_match_all('/&#(x)?0{0,8}([0-9a-f]+);?/i', $str, $m)) {

		foreach ($m[2] as $key=>$num) {
			if ($m[1][$key]!='') { // its a hex, change to decimal
				$num = hexdec($num);
			}
			if ($num < 0x7E) { // is it ASCII? 
				// Someone just tried to sneak in an ASCII character using
				// html entities.
				// Replace the entire match with the standard ASCII character
				$str = str_replace($m[0][$key], chr($num), $str);
			}
		}
		
	}

	/*

	remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    this prevents some character re-spacing such as <java\0script>
    note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs

   Source: http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php

	*/

	$str = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $str);

	return $str;
	

}
?>